Index: head/sys/conf/kern.mk =================================================================== --- head/sys/conf/kern.mk (revision 330109) +++ head/sys/conf/kern.mk (revision 330110) @@ -1,278 +1,286 @@ # $FreeBSD$ # # Warning flags for compiling the kernel and components of the kernel: # CWARNFLAGS?= -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes \ -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual \ -Wundef -Wno-pointer-sign ${FORMAT_EXTENSIONS} \ -Wmissing-include-dirs -fdiagnostics-show-option \ -Wno-unknown-pragmas \ ${CWARNEXTRA} # # The following flags are next up for working on: # -Wextra # Disable a few warnings for clang, since there are several places in the # kernel where fixing them is more trouble than it is worth, or where there is # a false positive. .if ${COMPILER_TYPE} == "clang" NO_WCONSTANT_CONVERSION= -Wno-error-constant-conversion NO_WSHIFT_COUNT_NEGATIVE= -Wno-error-shift-count-negative NO_WSHIFT_COUNT_OVERFLOW= -Wno-error-shift-count-overflow NO_WSELF_ASSIGN= -Wno-error-self-assign NO_WUNNEEDED_INTERNAL_DECL= -Wno-error-unneeded-internal-declaration NO_WSOMETIMES_UNINITIALIZED= -Wno-error-sometimes-uninitialized NO_WCAST_QUAL= -Wno-error-cast-qual # Several other warnings which might be useful in some cases, but not severe # enough to error out the whole kernel build. Display them anyway, so there is # some incentive to fix them eventually. CWARNEXTRA?= -Wno-error-tautological-compare -Wno-error-empty-body \ -Wno-error-parentheses-equality -Wno-error-unused-function \ -Wno-error-pointer-sign .if ${COMPILER_VERSION} >= 30700 CWARNEXTRA+= -Wno-error-shift-negative-value .endif .if ${COMPILER_VERSION} >= 40000 CWARNEXTRA+= -Wno-error-address-of-packed-member .endif CLANG_NO_IAS= -no-integrated-as .if ${COMPILER_VERSION} < 30500 # XXX: clang < 3.5 integrated-as doesn't grok .codeNN directives CLANG_NO_IAS34= -no-integrated-as .endif .endif .if ${COMPILER_TYPE} == "gcc" .if ${COMPILER_VERSION} >= 40800 # Catch-all for all the things that are in our tree, but for which we're # not yet ready for this compiler. CWARNEXTRA?= -Wno-error=address \ -Wno-error=aggressive-loop-optimizations \ -Wno-error=array-bounds \ -Wno-error=attributes \ -Wno-error=cast-qual \ -Wno-error=enum-compare \ -Wno-error=inline \ -Wno-error=maybe-uninitialized \ -Wno-error=overflow \ -Wno-error=sequence-point \ -Wno-error=unused-but-set-variable .if ${COMPILER_VERSION} >= 60100 CWARNEXTRA+= -Wno-error=misleading-indentation \ -Wno-error=nonnull-compare \ -Wno-error=shift-overflow \ -Wno-error=tautological-compare .endif .else # For gcc 4.2, eliminate the too-often-wrong warnings about uninitialized vars. CWARNEXTRA?= -Wno-uninitialized .endif .endif # External compilers may not support our format extensions. Allow them # to be disabled. WARNING: format checking is disabled in this case. .if ${MK_FORMAT_EXTENSIONS} == "no" FORMAT_EXTENSIONS= -Wno-format .elif ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} >= 30600 FORMAT_EXTENSIONS= -D__printf__=__freebsd_kprintf__ .else FORMAT_EXTENSIONS= -fformat-extensions .endif # # On i386, do not align the stack to 16-byte boundaries. Otherwise GCC 2.95 # and above adds code to the entry and exit point of every function to align the # stack to 16-byte boundaries -- thus wasting approximately 12 bytes of stack # per function call. While the 16-byte alignment may benefit micro benchmarks, # it is probably an overall loss as it makes the code bigger (less efficient # use of code cache tag lines) and uses more stack (less efficient use of data # cache tag lines). Explicitly prohibit the use of FPU, SSE and other SIMD # operations inside the kernel itself. These operations are exclusively # reserved for user applications. # # gcc: # Setting -mno-mmx implies -mno-3dnow # Setting -mno-sse implies -mno-sse2, -mno-sse3 and -mno-ssse3 # # clang: # Setting -mno-mmx implies -mno-3dnow and -mno-3dnowa # Setting -mno-sse implies -mno-sse2, -mno-sse3, -mno-ssse3, -mno-sse41 and -mno-sse42 # .if ${MACHINE_CPUARCH} == "i386" CFLAGS.gcc+= -mno-align-long-strings -mpreferred-stack-boundary=2 CFLAGS.clang+= -mno-aes -mno-avx CFLAGS+= -mno-mmx -mno-sse -msoft-float INLINE_LIMIT?= 8000 .endif .if ${MACHINE_CPUARCH} == "arm" INLINE_LIMIT?= 8000 .endif .if ${MACHINE_CPUARCH} == "aarch64" # We generally don't want fpu instructions in the kernel. CFLAGS += -mgeneral-regs-only # Reserve x18 for pcpu data CFLAGS += -ffixed-x18 INLINE_LIMIT?= 8000 .endif .if ${MACHINE_CPUARCH} == "riscv" CFLAGS.gcc+= -mcmodel=medany -march=rv64imafdc -mabi=lp64 INLINE_LIMIT?= 8000 .endif # # For sparc64 we want the medany code model so modules may be located # anywhere in the 64-bit address space. We also tell GCC to use floating # point emulation. This avoids using floating point registers for integer # operations which it has a tendency to do. # .if ${MACHINE_CPUARCH} == "sparc64" CFLAGS.clang+= -mcmodel=large -fno-dwarf2-cfi-asm CFLAGS.gcc+= -mcmodel=medany -msoft-float INLINE_LIMIT?= 15000 .endif # # For AMD64, we explicitly prohibit the use of FPU, SSE and other SIMD # operations inside the kernel itself. These operations are exclusively # reserved for user applications. # # gcc: # Setting -mno-mmx implies -mno-3dnow # Setting -mno-sse implies -mno-sse2, -mno-sse3, -mno-ssse3 and -mfpmath=387 # # clang: # Setting -mno-mmx implies -mno-3dnow and -mno-3dnowa # Setting -mno-sse implies -mno-sse2, -mno-sse3, -mno-ssse3, -mno-sse41 and -mno-sse42 # (-mfpmath= is not supported) # .if ${MACHINE_CPUARCH} == "amd64" CFLAGS.clang+= -mno-aes -mno-avx CFLAGS+= -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float \ -fno-asynchronous-unwind-tables INLINE_LIMIT?= 8000 .endif # # For PowerPC we tell gcc to use floating point emulation. This avoids using # floating point registers for integer operations which it has a tendency to do. # Also explicitly disable Altivec instructions inside the kernel. # .if ${MACHINE_CPUARCH} == "powerpc" CFLAGS+= -mno-altivec -msoft-float INLINE_LIMIT?= 15000 .endif .if ${MACHINE_ARCH} == "powerpcspe" CFLAGS.gcc+= -mno-spe .endif # # Use dot symbols (or, better, the V2 ELF ABI) on powerpc64 to make # DDB happy. ELFv2, if available, has some other efficiency benefits. # .if ${MACHINE_ARCH} == "powerpc64" .if ${COMPILER_VERSION} >= 40900 CFLAGS.gcc+= -mabi=elfv2 .else CFLAGS.gcc+= -mcall-aixdesc .endif CFLAGS.clang+= -mabi=elfv2 .endif # # For MIPS we also tell gcc to use floating point emulation # .if ${MACHINE_CPUARCH} == "mips" CFLAGS+= -msoft-float INLINE_LIMIT?= 8000 .endif # # GCC 3.0 and above like to do certain optimizations based on the # assumption that the program is linked against libc. Stop this. # CFLAGS+= -ffreestanding # # The C standard leaves signed integer overflow behavior undefined. # gcc and clang opimizers take advantage of this. The kernel makes # use of signed integer wraparound mechanics so we need the compiler # to treat it as a wraparound and not take shortcuts. -# +# CFLAGS+= -fwrapv # # GCC SSP support # .if ${MK_SSP} != "no" && \ ${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips" CFLAGS+= -fstack-protector +.endif + +# +# Retpoline speculative execution vulnerability mitigation (CVE-2017-5715) +# +.if defined(COMPILER_FEATURES) && ${COMPILER_FEATURES:Mretpoline} != "" && \ + ${MK_KERNEL_RETPOLINE} != "no" +CFLAGS+= -mretpoline .endif # # Add -gdwarf-2 when compiling -g. The default starting in clang v3.4 # and gcc 4.8 is to generate DWARF version 4. However, our tools don't # cope well with DWARF 4, so force it to genereate DWARF2, which they # understand. Do this unconditionally as it is harmless when not needed, # but critical for these newer versions. # .if ${CFLAGS:M-g} != "" && ${CFLAGS:M-gdwarf*} == "" CFLAGS+= -gdwarf-2 .endif CFLAGS+= ${CWARNFLAGS:M*} ${CWARNFLAGS.${.IMPSRC:T}} CFLAGS+= ${CFLAGS.${COMPILER_TYPE}} ${CFLAGS.${.IMPSRC:T}} # Tell bmake not to mistake standard targets for things to be searched for # or expect to ever be up-to-date. PHONY_NOTMAIN = afterdepend afterinstall all beforedepend beforeinstall \ beforelinking build build-tools buildfiles buildincludes \ checkdpadd clean cleandepend cleandir cleanobj configure \ depend distclean distribute exe \ html includes install installfiles installincludes \ obj objlink objs objwarn \ realinstall regress \ tags whereobj .PHONY: ${PHONY_NOTMAIN} .NOTMAIN: ${PHONY_NOTMAIN} CSTD= c99 .if ${CSTD} == "k&r" CFLAGS+= -traditional .elif ${CSTD} == "c89" || ${CSTD} == "c90" CFLAGS+= -std=iso9899:1990 .elif ${CSTD} == "c94" || ${CSTD} == "c95" CFLAGS+= -std=iso9899:199409 .elif ${CSTD} == "c99" CFLAGS+= -std=iso9899:1999 .else # CSTD CFLAGS+= -std=${CSTD} .endif # CSTD # Set target-specific linker emulation name. LD_EMULATION_aarch64=aarch64elf LD_EMULATION_amd64=elf_x86_64_fbsd LD_EMULATION_arm=armelf_fbsd LD_EMULATION_armeb=armelfb_fbsd LD_EMULATION_armv6=armelf_fbsd LD_EMULATION_armv7=armelf_fbsd LD_EMULATION_i386=elf_i386_fbsd LD_EMULATION_mips= elf32btsmip_fbsd LD_EMULATION_mips64= elf64btsmip_fbsd LD_EMULATION_mipsel= elf32ltsmip_fbsd LD_EMULATION_mips64el= elf64ltsmip_fbsd LD_EMULATION_mipsn32= elf32btsmipn32_fbsd LD_EMULATION_mipsn32el= elf32btsmipn32_fbsd # I don't think this is a thing that works LD_EMULATION_powerpc= elf32ppc_fbsd LD_EMULATION_powerpcspe= elf32ppc_fbsd LD_EMULATION_powerpc64= elf64ppc_fbsd LD_EMULATION_riscv64= elf64lriscv LD_EMULATION_sparc64= elf64_sparc_fbsd LD_EMULATION=${LD_EMULATION_${MACHINE_ARCH}} Index: head/sys/conf/kern.opts.mk =================================================================== --- head/sys/conf/kern.opts.mk (revision 330109) +++ head/sys/conf/kern.opts.mk (revision 330110) @@ -1,164 +1,170 @@ # $FreeBSD$ # Options set in the build system that affect the kernel somehow. # # Define MK_* variables (which are either "yes" or "no") for users # to set via WITH_*/WITHOUT_* in /etc/src.conf and override in the # make(1) environment. # These should be tested with `== "no"' or `!= "no"' in makefiles. # The NO_* variables should only be set by makefiles for variables # that haven't been converted over. # # Note: bsd.own.mk must be included before the rest of kern.opts.mk to make # building on 10.x and earlier work. This should be removed when that's no # longer supported since it confounds the defaults (since it uses the host's # notion of defaults rather than what's default in current when building # within sys/modules). .include # These options are used by the kernel build process (kern.mk and kmod.mk) # They have to be listed here so we can build modules outside of the # src tree. __DEFAULT_YES_OPTIONS = \ AUTOFS \ BHYVE \ BLUETOOTH \ CCD \ CDDL \ CRYPT \ CUSE \ FORMAT_EXTENSIONS \ INET \ INET6 \ IPFILTER \ IPSEC_SUPPORT \ ISCSI \ KERNEL_SYMBOLS \ NETGRAPH \ PF \ SOURCELESS_HOST \ SOURCELESS_UCODE \ TESTS \ USB_GADGET_EXAMPLES \ ZFS __DEFAULT_NO_OPTIONS = \ EXTRA_TCP_STACKS \ + KERNEL_RETPOLINE \ NAND \ OFED \ RATELIMIT \ REPRODUCIBLE_BUILD # Some options are totally broken on some architectures. We disable # them. If you need to enable them on an experimental basis, you # must change this code. # Note: These only apply to the list of modules we build by default # and sometimes what is in the opt_*.h files by default. # Kernel config files are unaffected, though some targets can be # affected by KERNEL_SYMBOLS, FORMAT_EXTENSIONS, CTF and SSP. # Things that don't work based on the CPU .if ${MACHINE_CPUARCH} == "arm" . if ${MACHINE_ARCH:Marmv[67]*} == "" BROKEN_OPTIONS+= CDDL ZFS . endif .endif .if ${MACHINE_CPUARCH} == "mips" BROKEN_OPTIONS+= CDDL ZFS SSP .endif .if ${MACHINE_CPUARCH} == "powerpc" && ${MACHINE_ARCH} == "powerpc" BROKEN_OPTIONS+= ZFS .endif .if ${MACHINE_CPUARCH} == "riscv" BROKEN_OPTIONS+= FORMAT_EXTENSIONS .endif # Things that don't work because the kernel doesn't have the support # for them. .if ${MACHINE} != "i386" && ${MACHINE} != "amd64" BROKEN_OPTIONS+= OFED +.endif + +# Things that don't work based on toolchain support. +.if ${MACHINE} != "amd64" +BROKEN_OPTIONS+= KERNEL_RETPOLINE .endif # expanded inline from bsd.mkopt.mk to avoid share/mk dependency # Those that default to yes .for var in ${__DEFAULT_YES_OPTIONS} .if !defined(MK_${var}) .if defined(WITHOUT_${var}) # WITHOUT always wins MK_${var}:= no .else MK_${var}:= yes .endif .else .if ${MK_${var}} != "yes" && ${MK_${var}} != "no" .error "Illegal value for MK_${var}: ${MK_${var}}" .endif .endif # !defined(MK_${var}) .endfor .undef __DEFAULT_YES_OPTIONS # Those that default to no .for var in ${__DEFAULT_NO_OPTIONS} .if !defined(MK_${var}) .if defined(WITH_${var}) && !defined(WITHOUT_${var}) # WITHOUT always wins MK_${var}:= yes .else MK_${var}:= no .endif .else .if ${MK_${var}} != "yes" && ${MK_${var}} != "no" .error "Illegal value for MK_${var}: ${MK_${var}}" .endif .endif # !defined(MK_${var}) .endfor .undef __DEFAULT_NO_OPTIONS # # MK_* options which are always no, usually because they are # unsupported/badly broken on this architecture. # .for var in ${BROKEN_OPTIONS} MK_${var}:= no .endfor .undef BROKEN_OPTIONS #end of bsd.mkopt.mk expanded inline. # # MK_*_SUPPORT options which default to "yes" unless their corresponding # MK_* variable is set to "no". # .for var in \ INET \ INET6 .if defined(WITHOUT_${var}_SUPPORT) || ${MK_${var}} == "no" MK_${var}_SUPPORT:= no .else .if defined(KERNBUILDDIR) # See if there's an opt_foo.h .if !defined(OPT_${var}) OPT_${var}!= cat ${KERNBUILDDIR}/opt_${var:tl}.h; echo .export OPT_${var} .endif .if ${OPT_${var}} == "" # nothing -> no MK_${var}_SUPPORT:= no .else MK_${var}_SUPPORT:= yes .endif .else # otherwise, yes MK_${var}_SUPPORT:= yes .endif .endif .endfor # Some modules only compile successfully if option FDT is set, due to #ifdef FDT # wrapped around declarations. Module makefiles can optionally compile such # things using .if !empty(OPT_FDT) .if !defined(OPT_FDT) && defined(KERNBUILDDIR) OPT_FDT!= sed -n '/FDT/p' ${KERNBUILDDIR}/opt_platform.h .export OPT_FDT .endif Index: head/tools/build/options/WITHOUT_KERNEL_RETPOLINE =================================================================== --- head/tools/build/options/WITHOUT_KERNEL_RETPOLINE (nonexistent) +++ head/tools/build/options/WITHOUT_KERNEL_RETPOLINE (revision 330110) @@ -0,0 +1,3 @@ +.\" $FreeBSD$ +Set to disable the "retpoline" mitigation for CVE-2017-5715 in the kernel +build. Property changes on: head/tools/build/options/WITHOUT_KERNEL_RETPOLINE ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/tools/build/options/WITH_KERNEL_RETPOLINE =================================================================== --- head/tools/build/options/WITH_KERNEL_RETPOLINE (nonexistent) +++ head/tools/build/options/WITH_KERNEL_RETPOLINE (revision 330110) @@ -0,0 +1,3 @@ +.\" $FreeBSD$ +Set to enable the "retpoline" mitigation for CVE-2017-5715 in the kernel +build. Property changes on: head/tools/build/options/WITH_KERNEL_RETPOLINE ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property